The OP is the data controller of any personal information that we collect about you. We are committed to protecting your privacy and keeping your data safe. If you have any questions about this policy, or about The OP’s use of your personal information, please email email@example.com.
Company Number: OC435421
How we collect personal information
If you register as a new patient with us
If you register as a new patient with us, contact us with an enquiry, or sign up to any marketing material, we will collect from you and hold information including your full name, gender, date of birth, emergency contact, how you heard about us, nationality, your home address, telephone number, email address, job title, height, weight, past medical history including medications and any other information you supply. We will use the personal information that we collect about you to:
- assess your eligibility to undertake a full consultation with us, or if different actions are required, to ensure your safety comes first.
- verify your identity and comply with our legal obligations, to protect and defend our rights and to pursue our legitimate business interests.
- administer a safe and proper consultation and any other services
- provide the benefits of services and keep you up to date with news about The OP’s activities, according to your communication preferences.
- administer The OP and fulfil its aims, for example by collating and analysing data to ensure we are meeting the needs of our clients, developing services which may be of interest to our clients and more.
- prevent and detect financial and /or identity fraud
- provide you with services and advice that you request, for example by becoming a client of ours you are opting in to receive new products, offers and ways to help you win in health.
In the process of providing our client services and pursuing our legitimate interests, we may also process your data in the following ways:
- record details of your interactions with us
- record telephone conversations with our enquiries team
- record details of information you have given us and advice we have provided to you
- analyse anonymised details of your visits to our website.
If you contact us, including by post, emails or through forms available on The OP website
You can contact us in various ways, including by post, emailing us, or through online forms. If you contact us in any of these ways, we will collect the information that you choose to provide and will use it:
- to investigate any query that you raise with us
- to provide any advice or assistance that you request from us
- keep you up to date with news about the OP’s activities by email and by post, according to your communication preferences.
If you are not an Online Physiotherapist client
If you are not an OP client but interact with us, we may collect and hold information about you, in the same way as information above, if you:
- contact us by any means with an enquiry/fill in an online form
- visit our website
- make an online purchase
- purchase a product or service by email
- engage with us on our social media platforms
The legal conditions we rely on to process personal information
The law on data protection sets out the reasons we may collect and process your personal data. We rely on the following legal conditions to process your personal data:
Entering into and performing a contract with you: we process personal information as is necessary to perform the membership agreement, as appropriate to your level of membership.
Legitimate interests: in specific situations, we require your data to undertake our legitimate business interests of running our business, which does not materially impact your rights, freedom or interests.
Legal compliance: if the law requires us to, we may need to collect and process your data.
Consent: in specific situations, we can only collect and process your data with your permission.
We will not collect any personal data from you that we do not need. You have several rights regarding the use of your personal data, this is summarised in the ‘your rights ‘section below.
We send clients several different types of email:
- Administration, governance and legal matters, for example, any significant changes to our terms and conditions, cookies policy or any legal or governmental legislation that affects our service. We use our legitimate interest as the legal basis for sending these.
- Delivery of the membership package, for example the weekly Physiotherapy News email. This is part of our subscription agreement with members, so we use our contractual legal basis.
- Promotion of client benefits to our service, and opportunities to access material that we believe will help them. We send these only where we have members’ consent to do so.
You can choose which emails you want to receive at any time through the ‘email preferences’ section of your website account area. You can also unsubscribe from mailings from the link at the bottom of our emails.
We may collect data directly from you, as well as analysing your browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to ensure that we contact you with information on products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated decision making. We may do this to decide what marketing communications are suitable for you and this activity is based on our legitimate interests to develop and improve our products and services.
Also to provide more personalised services and experiences, we may review data held by external social media platform providers about you, for example, details on your Twitter or Facebook profiles that you have chosen to make publicly accessible such as your name, date of birth.
We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process data by profiling and segmenting, identifying what our Clients like and ensuring messages we send them are relevant based on their demographics, interests, purchase behaviour, online web browsing activity and engagement with previous communications. We may also use your data to exclude you from communications which we feel are irrelevant to you.
Another example of how we may tailor our communications with you is that we may group individuals with similar interests using this data so we can send them product news or promotional offers that are relevant to that shared interest.
Storage, retention and destruction of records
We store your records in accordance with the DPA, in encrypted and lockable files. Retention schedules vary according to the type of record but, in general, for those with capacity is usually eight years from the date of last treatment for adult records, and for children eight years after their 18 birthday or until 25 years of age. Other types of records may need to be stored indefinitely.
Destruction of these records is made at the allotted time, in accordance with the DPA.
You can be sure that we will not retain your data for longer than necessary. In summary, various laws, accounting and regulatory requirements applicable to us require us to retain certain records for specific amounts of time.
Identity and contact details of the data controller
The Online Physiotherapist is the controller and processor of data for the purposes of the GDPR 2018 and UK-GDPR 2020. We are registered with the ICO.
If you have any concerns as to how your data is processed, please contact the Head of Governance at: firstname.lastname@example.org.
If you live outside the UK
For all non-UK contacts (International Advice Service).
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this privacy notice.
We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
Changes to this notice
Last Updated 7th March 2022